GRC Standards & Toolkits

Authoritative Standards

Rooted in decades of member experience, rigorously verified by experts.
  1. GRC Capability Model 3.5

    The GRC Capability Model (OCEG Red Book) helps GRC professionals plan, assess, and improve their GRC capabilities in order to achieve Principled Performance. Available for free with our Basic Membership.

    Find out more

  2. GRC Assessment Tools 3.0

    The GRC Assessment Tools (OCEG Burgundy Book) provides audit and assurance professionals, as well as those overseeing GRC capabilities, with a common set of assessment procedures to be used in reviewing GRC capabilities.

    Find out more

  3. Policy Management Capability Model

    Visit our newest offering, Policy Management Pro to get your copy and view our policy management training course.

    Find out more

  4. Data Privacy Capability Model

    Get your copy and put data privacy principles into practice.

    Find out more